I don’t recognise myself in the media portrayal of vulnerable scam victims. I am a 33-year-old professional with no health problems. I have worked on projects to do with scam awareness, and I didn’t think it would happen to me. I didn’t realise it was a scam when people pretending to be from my bank, Revolut, called me up, used social engineering to get me into a total panic, and tricked me into transferring £20,000 of my savings for my upcoming wedding. It began with two texts, purportedly from Hermes and six days apart, requiring two £1.50 admin fees to reschedule two missed deliveries. Since I was expecting a Hermes delivery of a sofa, I wasn’t suspicious, and I used the link to pay the two fees with my Revolut and Nationwide debit cards.
Three days later I was called by an agent claiming to be from Revolut, who told me my account had been compromised by a phishing attack. I was then contacted by a caller who said they were from Nationwide. I checked the phone number on Google and it appeared to be genuine. I was told I was being transferred to the “national fraud agency” and given a case number. Eventually, with plausible explanations, they persuaded me to move £20,000 from my Nationwide to my Revolut account, and then to another newly opened account in my name. Several generic scam alerts did pop up on the Revolut app, but the caller reassured me it was because it was a new account. At this point I was crying, but I was so caught up in trying to escape the first phishing scam and the belief that they were helping me that I did what they said. By the time I realised I had been scammed, the money was gone. Revolut is refusing to reimburse me, despite the fact that the transfer was out of character. The irony is that it was because the money was for my wedding that I was so eager to protect it.
You’re right that scam victims are generally portrayed as elderly or vulnerable, whereas research shows that young people are most susceptible. Many of those who have never been scammed take a dim view of those who lose their savings to fraudsters. In the cold light of day, your actions look rash, but what a written account can’t convey is the panic that scammers stoke in their prey to muddle their judgment and terrify them into instant action.
That’s why a voluntary scheme, the “contingent reimbursement model” (CRM), was launched in 2019 to require signatory banks to detect and prevent payment scams and to compensate the soaring numbers of fraud victims who have not been unduly negligent. According to the Financial Ombudsman Service, which decides whether banks have acted fairly to customers, “the increasing sophistication of scams means that the bar for gross negligence is high – it’s more than just a test of whether someone was careless”.
Nationwide is not liable under the code because it allowed you to transfer your own money to your own, safe Revolut account rather than a suspicious third party. Revolut is not a signatory to the CRM but claims that it relies on the spirit of it. It told me that you were not entitled to a refund because you had overridden its warnings during the transaction. These warnings were generic pop-ups asking you if you trust the beneficiary. The Lending Standards Board, which oversees the CRM, makes it clear that banks must consider the individual circumstances of the scam before deciding whether a customer acted reasonably or not, and should not rely on generic warnings that do not specifically apply to the particular transaction. “Effective warnings should be dynamic and tailored, and based on the type of transaction taking place,” said Emma Lovell, chief executive of the board. “Banks are responsible for assessing how well their internal fraud prevention processes are working.”
Revolut did not respond to my repeated requests for a comment on how it measures the effectiveness of its warnings. I asked whether it had taken into account the psychological grooming the scammers subjected you to, and the fact that they were calling from a number spoofed to duplicate Revolut’s, and had harvested enough of your account information from the fake Hermes text to convince you they were genuine. It repeated that it considered its automated warnings sufficient.
I believe that the bank’s security processes were inadequate in your case, given that it has far more awareness of scammer tactics than the average customer. Despite the fact that the name on the recipient account did not match the name you thought you were paying, and that the transactions in and out of your account were highly unusual, it did not attempt to block them and question you further. Again, it told me its automated warnings were sufficient protection. In a very similar case involving Revolut, the Financial Ombudsman Service decided that the bank’s reliance on generic warning messages was insufficient and ordered it to refund the customer with interest. I’ve since assisted you in taking your case to the ombudsman, but a backlog means that, four months later, you’ve been informed that an investigation has still not begun.
Email [email protected]. Include an address and phone number. Submission and publication are subject to our terms and conditions